Return the correct error code when the SCCB buffer is too small to
contain all of the output, for the Read SCP Information and
Read CPU Information commands.
Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Reviewed-by: Jason J. Herne <jjherne@linux.ibm.com>
---
hw/s390x/sclp.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 76feac8..8f7fe1c 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -68,6 +68,11 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
read_info->ibc_val = cpu_to_be32(s390_get_ibc_val());
+ if (sccb->h.length < (sizeof(ReadInfo) + cpu_count * sizeof(CPUEntry))) {
+ sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
+ return;
+ }
+
/* Configuration Characteristic (Extension) */
s390_get_feat_block(S390_FEAT_TYPE_SCLP_CONF_CHAR,
read_info->conf_char);
@@ -118,6 +123,11 @@ static void sclp_read_cpu_info(SCLPDevice *sclp, SCCB *sccb)
cpu_info->offset_configured = cpu_to_be16(offsetof(ReadCpuInfo, entries));
cpu_info->nr_standby = cpu_to_be16(0);
+ if (sccb->h.length < (sizeof(ReadCpuInfo) + cpu_count * sizeof(CPUEntry))) {
+ sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
+ return;
+ }
+
/* The standby offset is 16-byte for each CPU */
cpu_info->offset_standby = cpu_to_be16(cpu_info->offset_configured
+ cpu_info->nr_configured*sizeof(CPUEntry));
--
2.7.4
On 26/09/2019 13.33, Claudio Imbrenda wrote:
> Return the correct error code when the SCCB buffer is too small to
> contain all of the output, for the Read SCP Information and
> Read CPU Information commands.
>
> Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
> Reviewed-by: Jason J. Herne <jjherne@linux.ibm.com>
> ---
> hw/s390x/sclp.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
> index 76feac8..8f7fe1c 100644
> --- a/hw/s390x/sclp.c
> +++ b/hw/s390x/sclp.c
> @@ -68,6 +68,11 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
>
> read_info->ibc_val = cpu_to_be32(s390_get_ibc_val());
>
> + if (sccb->h.length < (sizeof(ReadInfo) + cpu_count * sizeof(CPUEntry))) {
Don't you need a cpu16_to_cpu() around sccb->h.length?
> + sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
> + return;
> + }
> +
> /* Configuration Characteristic (Extension) */
> s390_get_feat_block(S390_FEAT_TYPE_SCLP_CONF_CHAR,
> read_info->conf_char);
> @@ -118,6 +123,11 @@ static void sclp_read_cpu_info(SCLPDevice *sclp, SCCB *sccb)
> cpu_info->offset_configured = cpu_to_be16(offsetof(ReadCpuInfo, entries));
> cpu_info->nr_standby = cpu_to_be16(0);
>
> + if (sccb->h.length < (sizeof(ReadCpuInfo) + cpu_count * sizeof(CPUEntry))) {
dito?
> + sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
> + return;
> + }
> +
> /* The standby offset is 16-byte for each CPU */
> cpu_info->offset_standby = cpu_to_be16(cpu_info->offset_configured
> + cpu_info->nr_configured*sizeof(CPUEntry));
>
Thomas
On 26/09/2019 14.20, Thomas Huth wrote:
> On 26/09/2019 13.33, Claudio Imbrenda wrote:
>> Return the correct error code when the SCCB buffer is too small to
>> contain all of the output, for the Read SCP Information and
>> Read CPU Information commands.
>>
>> Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
>> Reviewed-by: Jason J. Herne <jjherne@linux.ibm.com>
>> ---
>> hw/s390x/sclp.c | 10 ++++++++++
>> 1 file changed, 10 insertions(+)
>>
>> diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
>> index 76feac8..8f7fe1c 100644
>> --- a/hw/s390x/sclp.c
>> +++ b/hw/s390x/sclp.c
>> @@ -68,6 +68,11 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
>>
>> read_info->ibc_val = cpu_to_be32(s390_get_ibc_val());
>>
>> + if (sccb->h.length < (sizeof(ReadInfo) + cpu_count * sizeof(CPUEntry))) {
>
> Don't you need a cpu16_to_cpu() around sccb->h.length?
I meant be16_to_cpu(), obviously.
Thomas
© 2016 - 2026 Red Hat, Inc.